Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook Follow The Paypers on Google +
The Paypers, paypers, Insight in payments, News, Reports, Events
Case study

CASE STUDY: Securing the evolving omni-commerce world

Tuesday 26 March 2013 | 09:30 AM CET

E-commerce no longer means ‘web commerce’. Today’s consumers shop in an omni-channel world, buying across multiple channels and geographic markets, and via multiple touch points, including mobile, apps, social media, interactive TV and, of course, the web. Companies need to provide consumers with the best and most consistent online experience possible across a wide range of channels, particularly at the critical stage of taking payments. However, the increasing complexity around taking payments via ‘card not present’ methods across multiple channels makes it difficult for retailers to assess the validity of each purchase, and to authenticate customers’ identities.

CyberSource’s 2013 UK eCommerce Fraud Report found that 41 percent of merchants operate a mobile site, but 71 percent of these only use the standard fraud screening used on their web commerce channel, even though it is a separate channel. This is a major problem, as some fraud checks that work for eCommerce channels may be counterproductive, irrelevant and potentially misleading when applied to other channels, such as mobile. For example, use of IP address geolocation by merchants when looking at web orders is standard practice, but if applied to the mobile world can lead to misleading results.

Similarly, many merchants are used to looking at orders placed during ‘normal’ hours of the day to spot good orders, but in the mobile world the definition of ‘normal’ hours is not as relevant with many shoppers making purchases when it suits them rather than when they’re in the office in front of their computer.

As the amount of channels merchants offer increases, the complexity and risk associated with the management of payments exponentially increases, and what merchants really need to do to tackle increasing cybercrime is to start joining up their back-end processes. This will provide them with a single view of the customer and the who, what, where, when and how around their purchase behaviour, along with the ability to spot abnormal behaviour and prevent fraudulent activity across multiple platforms without affecting the customer experience. For example, if a customer was just rejected on a merchant’s website for entering an incorrect 3DSecure password, could that merchant spot that the same customer was now trying to purchase via the call centre or mobile app where 3DSecure is not applicable?

However this requires an understanding of the demands and level of activity of each channel that merchants offer. Surprisingly, CyberSource’s recent survey revealed that as many as 18 percent of merchants do not track fraud by channel at all. Fraudsters understand that there are gaps to exploit between payment channels and until merchants take steps to tighten those gaps they will be putting their business and their customers at risk as fraudsters seek to exploit these gaps. Merchants’ back-end systems must be tightened up to begin to tackle fraud rates, and the first step is tracking activity across the different channels payments are offered through so that anti-fraud measures can be surgically targeted to the channel being attacked by fraudsters rather than bluntly across all channels.

Future-proofing the evolving omni-commerce world as they rapidly expand across multiple channels not only makes merchants’ lives easier but also ensures that their customers’ data is secure by simply taking it out of their own hands. An alternative approach is to work with a service provider that can process payments on behalf of retailers so that the data is stored remotely and securely. Hosted payment acceptance is a page that directs the customer to a third-party webpage at the point of sale, and when combined with tokenisation, removes sensitive payment data from the merchant’s environment, cutting the risk of a data leak. A token is provided to the retailer for storage in their planning system for future transaction processing and customer service activities, but the retailer never has anything more than the last four numbers of anyone’s card details. Sensitive payment data is not stored anywhere on the retailer’s system meaning retailers can deliver a better customer experience without ever touching, storing or handling payment data.

To effectively, efficiently and securely future-proof their businesses for the omni-commerce world retailers must take a holistic view to managing the payments process and provide customers with a seamless, secure and consistent checkout experience, whatever the channel. The e-commerce landscape used to be straightforward, but now with so many channels to cater for and manage, retailers need to make sure they put forward-thinking measures in place so that they don’t fall short.

About Dr Akif Khan, Director, Strategic Initiatives, CyberSource

Dr Akif Khan joined CyberSource in December 2004. As Director, Strategic Initiatives, he has become an industry thought leader and influential speaker within the eCommerce payment and fraud arenas. Helping and advising online businesses all over the world, Akif has witnessed the latest challenges faced by organisations in multiple geographies and market sectors. In July 2012, he was elected to serve on the Merchant Risk Council’s European Advisory Board.


Founded in 1994, CyberSource is an e-commerce payment management company, serving over 390,000 customers worldwide. We provide a complete portfolio of services that simplify and automate payment operations. Global payment processing enables you to sell online across the world. Payments can be transacted in over 190 countries and in multiple currencies via a single connection. Fraud management – our global fraud portal, Decision Manager, helps you detect fraud more accurately. Access over 200 global fraud tests, including device fingerprinting, IP geolocation and multi-merchant purchase history. Enterprise payment security – reduces the risks associated with storing and handling sensitive customer payment details; we manage the data on your behalf in secure data centres.

For more information about CyberSource, please check out a detailed profile of this company in our dedicated, industry-specific online companies database.